Project

General

Profile

Actions

Feature #843

closed

Custom http logging filter functionality

Added by Roberto Martelloni over 11 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:

Description

I think can be useful to have a blacklist filter functionality to disallow HTTP logging of web sites that match a list of regex on FQDNs.

From my point of view having logs about some web site like for example advertising web sites it's not useful from a security point of view and also it's a waste of hard disk space and computational power.

I thin can be useful to have an external file ( ex: disable_http_logging.sites ) that contains a list of regex ( ex: *.google\.com, .*advertising\.com ) that disallow HTTP logging functionality on matched regexp.


Related issues 1 (1 open0 closed)

Related to Suricata - Feature #1005: conditional logging: controlling what gets loggedAssignedVictor JulienActions
Actions #1

Updated by Victor Julien about 11 years ago

  • Target version set to TBD
Actions #2

Updated by Victor Julien over 8 years ago

  • Assignee deleted (Victor Julien)

I think it could be interesting to make the logging depend on the rule language. E.g. by adding something like 'log:yes;' or 'log:no;'.

Actions #3

Updated by Andreas Herz over 8 years ago

  • Assignee set to Anonymous
Actions #4

Updated by Victor Julien over 6 years ago

  • Related to Feature #1005: conditional logging: controlling what gets logged added
Actions #5

Updated by Victor Julien over 6 years ago

Probably best implemented as suggested in #1005

Actions #6

Updated by Andreas Herz almost 6 years ago

  • Assignee set to Community Ticket
Actions #7

Updated by Philippe Antoine over 1 year ago

Looks solved to me cf S-V test cond-log-http-testmyids

using rule config http any any -> any any (http.host; content:"test"; config:logging disable, type tx, scope tx; sid:1;)

Actions #8

Updated by Philippe Antoine over 1 year ago

  • Status changed from New to Closed
Actions

Also available in: Atom PDF